Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 329a0807 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: ip6_tables: simplify translate_compat_table args 



Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7d3f843e

net/ipv6/netfilter/ip6_tables.c

+24 −35
Original line number Diff line number Diff line
@@ -1461,7 +1461,6 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr, 


static int

compat_find_calc_match(struct xt_entry_match *m,

		       const char *name,

		       const struct ip6t_ip6 *ipv6,

		       int *size)

{
@@ -1498,8 +1497,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, 
				  const unsigned char *base,

				  const unsigned char *limit,

				  const unsigned int *hook_entries,

				  const unsigned int *underflows,

				  const char *name)

				  const unsigned int *underflows)

{

	struct xt_entry_match *ematch;

	struct xt_entry_target *t;
@@ -1535,7 +1533,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, 
	entry_offset = (void *)e - (void *)base;

	j = 0;

	xt_ematch_foreach(ematch, e) {

		ret = compat_find_calc_match(ematch, name, &e->ipv6, &off);

		ret = compat_find_calc_match(ematch, &e->ipv6, &off);

		if (ret != 0)

			goto release_matches;

		++j;
@@ -1584,7 +1582,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, 


static int

compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,

			    unsigned int *size, const char *name,

			    unsigned int *size,

			    struct xt_table_info *newinfo, unsigned char *base)

{

	struct xt_entry_target *t;
@@ -1664,14 +1662,9 @@ static int compat_check_entry(struct ip6t_entry *e, struct net *net, 


static int

translate_compat_table(struct net *net,

		       const char *name,

		       unsigned int valid_hooks,

		       struct xt_table_info **pinfo,

		       void **pentry0,

		       unsigned int total_size,

		       unsigned int number,

		       unsigned int *hook_entries,

		       unsigned int *underflows)

		       const struct compat_ip6t_replace *compatr)

{

	unsigned int i, j;

	struct xt_table_info *newinfo, *info;
@@ -1683,8 +1676,8 @@ translate_compat_table(struct net *net, 


	info = *pinfo;

	entry0 = *pentry0;

	size = total_size;

	info->number = number;

	size = compatr->size;

	info->number = compatr->num_entries;



	/* Init all hooks to impossible value. */

	for (i = 0; i < NF_INET_NUMHOOKS; i++) {
@@ -1695,40 +1688,39 @@ translate_compat_table(struct net *net, 
	duprintf("translate_compat_table: size %u\n", info->size);

	j = 0;

	xt_compat_lock(AF_INET6);

	xt_compat_init_offsets(AF_INET6, number);

	xt_compat_init_offsets(AF_INET6, compatr->num_entries);

	/* Walk through entries, checking offsets. */

	xt_entry_foreach(iter0, entry0, total_size) {

	xt_entry_foreach(iter0, entry0, compatr->size) {

		ret = check_compat_entry_size_and_hooks(iter0, info, &size,

							entry0,

							entry0 + total_size,

							hook_entries,

							underflows,

							name);

							entry0 + compatr->size,

							compatr->hook_entry,

							compatr->underflow);

		if (ret != 0)

			goto out_unlock;

		++j;

	}



	ret = -EINVAL;

	if (j != number) {

	if (j != compatr->num_entries) {

		duprintf("translate_compat_table: %u not %u entries\n",

			 j, number);

			 j, compatr->num_entries);

		goto out_unlock;

	}



	/* Check hooks all assigned */

	for (i = 0; i < NF_INET_NUMHOOKS; i++) {

		/* Only hooks which are valid */

		if (!(valid_hooks & (1 << i)))

		if (!(compatr->valid_hooks & (1 << i)))

			continue;

		if (info->hook_entry[i] == 0xFFFFFFFF) {

			duprintf("Invalid hook entry %u %u\n",

				 i, hook_entries[i]);

				 i, info->hook_entry[i]);

			goto out_unlock;

		}

		if (info->underflow[i] == 0xFFFFFFFF) {

			duprintf("Invalid underflow %u %u\n",

				 i, underflows[i]);

				 i, info->underflow[i]);

			goto out_unlock;

		}

	}
@@ -1738,17 +1730,17 @@ translate_compat_table(struct net *net, 
	if (!newinfo)

		goto out_unlock;



	newinfo->number = number;

	newinfo->number = compatr->num_entries;

	for (i = 0; i < NF_INET_NUMHOOKS; i++) {

		newinfo->hook_entry[i] = info->hook_entry[i];

		newinfo->underflow[i] = info->underflow[i];

	}

	entry1 = newinfo->entries;

	pos = entry1;

	size = total_size;

	xt_entry_foreach(iter0, entry0, total_size) {

	size = compatr->size;

	xt_entry_foreach(iter0, entry0, compatr->size) {

		ret = compat_copy_entry_from_user(iter0, &pos, &size,

						  name, newinfo, entry1);

						  newinfo, entry1);

		if (ret != 0)

			break;

	}
@@ -1758,12 +1750,12 @@ translate_compat_table(struct net *net, 
		goto free_newinfo;



	ret = -ELOOP;

	if (!mark_source_chains(newinfo, valid_hooks, entry1))

	if (!mark_source_chains(newinfo, compatr->valid_hooks, entry1))

		goto free_newinfo;



	i = 0;

	xt_entry_foreach(iter1, entry1, newinfo->size) {

		ret = compat_check_entry(iter1, net, name);

		ret = compat_check_entry(iter1, net, compatr->name);

		if (ret != 0)

			break;

		++i;
@@ -1803,7 +1795,7 @@ translate_compat_table(struct net *net, 
free_newinfo:

	xt_free_table_info(newinfo);

out:

	xt_entry_foreach(iter0, entry0, total_size) {

	xt_entry_foreach(iter0, entry0, compatr->size) {

		if (j-- == 0)

			break;

		compat_release_entry(iter0);
@@ -1848,10 +1840,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) 
		goto free_newinfo;

	}



	ret = translate_compat_table(net, tmp.name, tmp.valid_hooks,

				     &newinfo, &loc_cpu_entry, tmp.size,

				     tmp.num_entries, tmp.hook_entry,

				     tmp.underflow);

	ret = translate_compat_table(net, &newinfo, &loc_cpu_entry, &tmp);

	if (ret != 0)

		goto free_newinfo;